2016-09-08 13:11:39 -04:00
|
|
|
package container
|
|
|
|
|
|
|
|
import (
|
2018-05-03 21:02:44 -04:00
|
|
|
"context"
|
2016-09-08 13:11:39 -04:00
|
|
|
"fmt"
|
|
|
|
"io"
|
|
|
|
"os"
|
2018-12-13 06:59:35 -05:00
|
|
|
"regexp"
|
2016-09-08 13:11:39 -04:00
|
|
|
|
2017-04-17 18:07:56 -04:00
|
|
|
"github.com/docker/cli/cli"
|
|
|
|
"github.com/docker/cli/cli/command"
|
|
|
|
"github.com/docker/cli/cli/command/image"
|
2017-01-11 16:54:52 -05:00
|
|
|
"github.com/docker/distribution/reference"
|
2016-12-24 19:05:37 -05:00
|
|
|
"github.com/docker/docker/api/types"
|
|
|
|
"github.com/docker/docker/api/types/container"
|
2017-05-08 13:51:30 -04:00
|
|
|
apiclient "github.com/docker/docker/client"
|
2016-09-08 13:11:39 -04:00
|
|
|
"github.com/docker/docker/pkg/jsonmessage"
|
|
|
|
"github.com/docker/docker/registry"
|
2017-03-09 13:23:45 -05:00
|
|
|
"github.com/pkg/errors"
|
2016-09-08 13:11:39 -04:00
|
|
|
"github.com/spf13/cobra"
|
|
|
|
"github.com/spf13/pflag"
|
|
|
|
)
|
|
|
|
|
|
|
|
type createOptions struct {
|
2018-03-08 08:35:17 -05:00
|
|
|
name string
|
|
|
|
platform string
|
|
|
|
untrusted bool
|
2016-09-08 13:11:39 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
// NewCreateCommand creates a new cobra.Command for `docker create`
|
2017-05-03 17:58:52 -04:00
|
|
|
func NewCreateCommand(dockerCli command.Cli) *cobra.Command {
|
2016-09-08 13:11:39 -04:00
|
|
|
var opts createOptions
|
2016-12-23 14:09:12 -05:00
|
|
|
var copts *containerOptions
|
2016-09-08 13:11:39 -04:00
|
|
|
|
|
|
|
cmd := &cobra.Command{
|
|
|
|
Use: "create [OPTIONS] IMAGE [COMMAND] [ARG...]",
|
|
|
|
Short: "Create a new container",
|
|
|
|
Args: cli.RequiresMinArgs(1),
|
|
|
|
RunE: func(cmd *cobra.Command, args []string) error {
|
|
|
|
copts.Image = args[0]
|
|
|
|
if len(args) > 1 {
|
|
|
|
copts.Args = args[1:]
|
|
|
|
}
|
|
|
|
return runCreate(dockerCli, cmd.Flags(), &opts, copts)
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
flags := cmd.Flags()
|
|
|
|
flags.SetInterspersed(false)
|
|
|
|
|
|
|
|
flags.StringVar(&opts.name, "name", "", "Assign a name to the container")
|
|
|
|
|
|
|
|
// Add an explicit help that doesn't have a `-h` to prevent the conflict
|
|
|
|
// with hostname
|
|
|
|
flags.Bool("help", false, "Print usage")
|
|
|
|
|
2017-08-02 20:31:32 -04:00
|
|
|
command.AddPlatformFlag(flags, &opts.platform)
|
2018-03-08 14:56:56 -05:00
|
|
|
command.AddTrustVerificationFlags(flags, &opts.untrusted, dockerCli.ContentTrustEnabled())
|
2016-12-23 14:09:12 -05:00
|
|
|
copts = addFlags(flags)
|
2016-09-08 13:11:39 -04:00
|
|
|
return cmd
|
|
|
|
}
|
|
|
|
|
2017-05-03 17:58:52 -04:00
|
|
|
func runCreate(dockerCli command.Cli, flags *pflag.FlagSet, opts *createOptions, copts *containerOptions) error {
|
2017-03-07 17:19:54 -05:00
|
|
|
containerConfig, err := parse(flags, copts)
|
2016-09-08 13:11:39 -04:00
|
|
|
if err != nil {
|
|
|
|
reportError(dockerCli.Err(), "create", err.Error(), true)
|
|
|
|
return cli.StatusError{StatusCode: 125}
|
|
|
|
}
|
2018-10-10 06:18:29 -04:00
|
|
|
if err = validateAPIVersion(containerConfig, dockerCli.Client().ClientVersion()); err != nil {
|
|
|
|
reportError(dockerCli.Err(), "create", err.Error(), true)
|
|
|
|
return cli.StatusError{StatusCode: 125}
|
|
|
|
}
|
2018-03-08 08:35:17 -05:00
|
|
|
response, err := createContainer(context.Background(), dockerCli, containerConfig, opts)
|
2016-09-08 13:11:39 -04:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-12-24 19:05:37 -05:00
|
|
|
fmt.Fprintln(dockerCli.Out(), response.ID)
|
2016-09-08 13:11:39 -04:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2017-08-02 20:31:32 -04:00
|
|
|
func pullImage(ctx context.Context, dockerCli command.Cli, image string, platform string, out io.Writer) error {
|
2017-01-11 16:54:52 -05:00
|
|
|
ref, err := reference.ParseNormalizedNamed(image)
|
2016-09-08 13:11:39 -04:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Resolve the Repository name from fqn to RepositoryInfo
|
|
|
|
repoInfo, err := registry.ParseRepositoryInfo(ref)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2016-09-09 15:38:00 -04:00
|
|
|
authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
|
2016-09-08 13:11:39 -04:00
|
|
|
encodedAuth, err := command.EncodeAuthToBase64(authConfig)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
options := types.ImageCreateOptions{
|
|
|
|
RegistryAuth: encodedAuth,
|
2017-08-02 20:31:32 -04:00
|
|
|
Platform: platform,
|
2016-09-08 13:11:39 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
responseBody, err := dockerCli.Client().ImageCreate(ctx, image, options)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
defer responseBody.Close()
|
|
|
|
|
|
|
|
return jsonmessage.DisplayJSONMessagesStream(
|
|
|
|
responseBody,
|
|
|
|
out,
|
|
|
|
dockerCli.Out().FD(),
|
|
|
|
dockerCli.Out().IsTerminal(),
|
|
|
|
nil)
|
|
|
|
}
|
|
|
|
|
|
|
|
type cidFile struct {
|
|
|
|
path string
|
|
|
|
file *os.File
|
|
|
|
written bool
|
|
|
|
}
|
|
|
|
|
|
|
|
func (cid *cidFile) Close() error {
|
2017-05-09 18:35:25 -04:00
|
|
|
if cid.file == nil {
|
|
|
|
return nil
|
|
|
|
}
|
2016-09-08 13:11:39 -04:00
|
|
|
cid.file.Close()
|
|
|
|
|
2016-12-24 19:05:37 -05:00
|
|
|
if cid.written {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
if err := os.Remove(cid.path); err != nil {
|
2017-03-09 13:23:45 -05:00
|
|
|
return errors.Errorf("failed to remove the CID file '%s': %s \n", cid.path, err)
|
2016-09-08 13:11:39 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (cid *cidFile) Write(id string) error {
|
2017-05-09 18:35:25 -04:00
|
|
|
if cid.file == nil {
|
|
|
|
return nil
|
|
|
|
}
|
2016-09-08 13:11:39 -04:00
|
|
|
if _, err := cid.file.Write([]byte(id)); err != nil {
|
2017-03-09 13:23:45 -05:00
|
|
|
return errors.Errorf("Failed to write the container ID to the file: %s", err)
|
2016-09-08 13:11:39 -04:00
|
|
|
}
|
|
|
|
cid.written = true
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func newCIDFile(path string) (*cidFile, error) {
|
2017-05-09 18:35:25 -04:00
|
|
|
if path == "" {
|
|
|
|
return &cidFile{}, nil
|
|
|
|
}
|
2016-09-08 13:11:39 -04:00
|
|
|
if _, err := os.Stat(path); err == nil {
|
2017-03-09 13:23:45 -05:00
|
|
|
return nil, errors.Errorf("Container ID file found, make sure the other container isn't running or delete %s", path)
|
2016-09-08 13:11:39 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
f, err := os.Create(path)
|
|
|
|
if err != nil {
|
2017-03-09 13:23:45 -05:00
|
|
|
return nil, errors.Errorf("Failed to create the container ID file: %s", err)
|
2016-09-08 13:11:39 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
return &cidFile{path: path, file: f}, nil
|
|
|
|
}
|
|
|
|
|
2018-03-08 08:35:17 -05:00
|
|
|
func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig *containerConfig, opts *createOptions) (*container.ContainerCreateCreatedBody, error) {
|
2017-03-07 17:19:54 -05:00
|
|
|
config := containerConfig.Config
|
|
|
|
hostConfig := containerConfig.HostConfig
|
|
|
|
networkingConfig := containerConfig.NetworkingConfig
|
2016-09-08 13:11:39 -04:00
|
|
|
stderr := dockerCli.Err()
|
|
|
|
|
2018-12-13 06:59:35 -05:00
|
|
|
warnOnOomKillDisable(*hostConfig, stderr)
|
|
|
|
warnOnLocalhostDNS(*hostConfig, stderr)
|
|
|
|
|
2017-01-11 16:54:52 -05:00
|
|
|
var (
|
2017-05-09 18:35:25 -04:00
|
|
|
trustedRef reference.Canonical
|
|
|
|
namedRef reference.Named
|
2017-01-11 16:54:52 -05:00
|
|
|
)
|
|
|
|
|
2017-05-09 18:35:25 -04:00
|
|
|
containerIDFile, err := newCIDFile(hostConfig.ContainerIDFile)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2016-09-08 13:11:39 -04:00
|
|
|
}
|
2017-05-09 18:35:25 -04:00
|
|
|
defer containerIDFile.Close()
|
2016-09-08 13:11:39 -04:00
|
|
|
|
2017-01-11 16:54:52 -05:00
|
|
|
ref, err := reference.ParseAnyReference(config.Image)
|
2016-09-08 13:11:39 -04:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2017-01-11 16:54:52 -05:00
|
|
|
if named, ok := ref.(reference.Named); ok {
|
2017-01-25 19:54:18 -05:00
|
|
|
namedRef = reference.TagNameOnly(named)
|
2016-09-08 13:11:39 -04:00
|
|
|
|
2018-03-08 14:56:56 -05:00
|
|
|
if taggedRef, ok := namedRef.(reference.NamedTagged); ok && !opts.untrusted {
|
2016-09-08 13:11:39 -04:00
|
|
|
var err error
|
2017-01-11 16:54:52 -05:00
|
|
|
trustedRef, err = image.TrustedReference(ctx, dockerCli, taggedRef, nil)
|
2016-09-08 13:11:39 -04:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2017-01-11 16:54:52 -05:00
|
|
|
config.Image = reference.FamiliarString(trustedRef)
|
2016-09-08 13:11:39 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
//create the container
|
2018-03-08 08:35:17 -05:00
|
|
|
response, err := dockerCli.Client().ContainerCreate(ctx, config, hostConfig, networkingConfig, opts.name)
|
2016-09-08 13:11:39 -04:00
|
|
|
|
|
|
|
//if image not found try to pull it
|
|
|
|
if err != nil {
|
2017-10-11 09:31:09 -04:00
|
|
|
if apiclient.IsErrNotFound(err) && namedRef != nil {
|
2017-01-11 16:54:52 -05:00
|
|
|
fmt.Fprintf(stderr, "Unable to find image '%s' locally\n", reference.FamiliarString(namedRef))
|
2016-09-08 13:11:39 -04:00
|
|
|
|
|
|
|
// we don't want to write to stdout anything apart from container.ID
|
2018-03-08 08:35:17 -05:00
|
|
|
if err := pullImage(ctx, dockerCli, config.Image, opts.platform, stderr); err != nil {
|
2016-09-08 13:11:39 -04:00
|
|
|
return nil, err
|
|
|
|
}
|
2017-01-11 16:54:52 -05:00
|
|
|
if taggedRef, ok := namedRef.(reference.NamedTagged); ok && trustedRef != nil {
|
|
|
|
if err := image.TagTrusted(ctx, dockerCli, trustedRef, taggedRef); err != nil {
|
2016-09-08 13:11:39 -04:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// Retry
|
|
|
|
var retryErr error
|
2018-03-08 08:35:17 -05:00
|
|
|
response, retryErr = dockerCli.Client().ContainerCreate(ctx, config, hostConfig, networkingConfig, opts.name)
|
2016-09-08 13:11:39 -04:00
|
|
|
if retryErr != nil {
|
|
|
|
return nil, retryErr
|
|
|
|
}
|
2017-08-31 17:07:16 -04:00
|
|
|
} else {
|
|
|
|
return nil, err
|
2016-09-08 13:11:39 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, warning := range response.Warnings {
|
|
|
|
fmt.Fprintf(stderr, "WARNING: %s\n", warning)
|
|
|
|
}
|
2017-05-09 18:35:25 -04:00
|
|
|
err = containerIDFile.Write(response.ID)
|
|
|
|
return &response, err
|
2016-09-08 13:11:39 -04:00
|
|
|
}
|
2018-12-13 06:59:35 -05:00
|
|
|
|
|
|
|
func warnOnOomKillDisable(hostConfig container.HostConfig, stderr io.Writer) {
|
|
|
|
if hostConfig.OomKillDisable != nil && *hostConfig.OomKillDisable && hostConfig.Memory == 0 {
|
|
|
|
fmt.Fprintln(stderr, "WARNING: Disabling the OOM killer on containers without setting a '-m/--memory' limit may be dangerous.")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// check the DNS settings passed via --dns against localhost regexp to warn if
|
|
|
|
// they are trying to set a DNS to a localhost address
|
|
|
|
func warnOnLocalhostDNS(hostConfig container.HostConfig, stderr io.Writer) {
|
|
|
|
for _, dnsIP := range hostConfig.DNS {
|
|
|
|
if isLocalhost(dnsIP) {
|
|
|
|
fmt.Fprintf(stderr, "WARNING: Localhost DNS setting (--dns=%s) may fail in containers.\n", dnsIP)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// IPLocalhost is a regex pattern for IPv4 or IPv6 loopback range.
|
|
|
|
const ipLocalhost = `((127\.([0-9]{1,3}\.){2}[0-9]{1,3})|(::1)$)`
|
|
|
|
|
|
|
|
var localhostIPRegexp = regexp.MustCompile(ipLocalhost)
|
|
|
|
|
|
|
|
// IsLocalhost returns true if ip matches the localhost IP regular expression.
|
|
|
|
// Used for determining if nameserver settings are being passed which are
|
|
|
|
// localhost addresses
|
|
|
|
func isLocalhost(ip string) bool {
|
|
|
|
return localhostIPRegexp.MatchString(ip)
|
|
|
|
}
|